[Samba] Kerberos ticket lifetime

Rowland penny rpenny at samba.org
Thu Oct 1 10:57:13 UTC 2020


On 01/10/2020 11:22, Remy Zandwijk wrote:
>
>
>> On 1 Oct 2020, at 10:31, Rowland penny via samba 
>> <samba at lists.samba.org> wrote:
>>
>> On 01/10/2020 00:23, Jason Keltz via samba wrote:
>>>
>>> Remy,
>>>
>>> On the domain controller (samba-ad-dc), I have in the config: 
>>> kdc:user ticket lifetime = 24
>> I do not recognise that smb.conf option, could this be another 
>> FreeBSD change that was never sent upstream or, if it was, it was 
>> rejected?
>
> Uh, no?
>
> https://wiki.samba.org/index.php/Samba_KDC_Settings
>
> So the question is, is that info on the Wiki (still) valid and if so, 
> why isn't it documented in the smb.conf man page?

Well, you learn something new every day :-)

A quick search in 'man smb.conf' on 'kdc', turns this up:

gpo update command (G)

This option sets the command that is called to apply GPO policies.
The samba-gpupdate script applies System Access and Kerberos Policies to 
the KDC.
System Access policies set minPwdAge, maxPwdAge, minPwdLength, and 
pwdProperties in the samdb.
Kerberos Policies set kdc:service ticket lifetime, kdc:user ticket 
lifetime, and kdc:renewal lifetime in smb.conf.

Apart from the wiki page (which dates back to 2014), that is it.

Let me look into this further.

Rowland





